Centralized intelligence on malicious, compromised, or suspicious software packages across major ecosystems.
MalPkg is a community-accessible platform that aggregates malicious package indicators, metadata, classifications, and timelines from major software ecosystems. Our mission is to help defenders identify supply-chain risks early and protect their software infrastructure.
Consolidated threat intelligence from multiple package repositories and security research.
Near real-time detection and cataloging of newly discovered malicious packages.
Built for security teams to strengthen their supply-chain defenses.
Comprehensive tools for supply-chain threat intelligence
Cross-ecosystem correlation and unified view of malicious packages from PyPI, npm, RubyGems, NuGet, and more.
Behavioral analysis, metadata inspection, and dependency heuristics to identify suspicious patterns.
Export data as JSON or STIX, with TAXII delivery and a full API for automated workflows.
Track version-to-version changes and analyze risk evolution over the package lifecycle.
Advanced queries by ecosystem, author, tags, IOCs, risk scores, and more.
Configure alerts for new threats matching your dependencies or watch criteria.
Supply-chain attacks are among the fastest-growing threats in cybersecurity
Software supply-chain attacks have increased dramatically, with malicious actors targeting package registries to distribute malware at scale. A single compromised dependency can affect thousands of downstream projects and organizations.
MalPkg provides the intelligence needed to stay ahead of these threats, enabling proactive defense rather than reactive incident response.
Rapid triage and investigation of package-related alerts
Proactive searches for indicators of compromise in your environment
Verify your project dependencies against known malicious packages
Integrate checks into your build pipeline to block risky dependencies
Evaluate third-party software for supply-chain risks
Comprehensive coverage across major package ecosystems
Aggregation from public security advisories, CVE databases, and package registry reports.
Continuous scanning with behavioral analysis, code inspection, and metadata heuristics.
Researcher reports and community contributions with verification workflows.
Programmatic access to malicious package intelligence
GET /api/v1/packages        List all cataloged malicious packages
GET /api/v1/packages/{id}   Get detailed package information
GET /api/v1/feeds           Access threat intelligence feeds (JSON, STIX)
GET /api/v1/search          Search packages by various criteria
GET /api/v1/indicators      Retrieve IOCs and detection signatures
{
  "id": "mal-example-pkg",
  "ecosystem": "npm",
  "name": "example-malicious-package",
  "version": "1.0.3",
  "risk_score": 95,
  "classification": "trojan",
  "first_seen": "2024-01-15T08:30:00Z",
  "indicators": {
    "behaviors": ["data_exfiltration", "obfuscation"],
    "network_iocs": ["*.malicious-domain.example"],
    "file_hashes": ["sha256:a1b2c3d4..."]
  },
  "status": "confirmed",
  "references": [
    "https://example.com/advisory/2024-001"
  ]
}
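The "verify your project dependencies" and "integrate checks into your build pipeline" use cases above amount to matching a manifest against records in the shape of the sample above. The following is an added example of that check, not MalPkg's own client or code: the base URL, the `ecosystem` query parameter, and the absence of authentication and pagination are assumptions, and the catalog records and dependency list are constructed inline so the script runs offline. It also shows two caveats a pipeline check needs: names must be normalized before comparison (PyPI's PEP 503 rules, case-insensitive npm names), and a cataloged name at a different version or an unconfirmed record should warn rather than block.

```python
"""Verify a dependency manifest against MalPkg-style catalog records.

Added example, not MalPkg's own client. Record fields follow the sample
record on this page; the base URL, query parameters and lack of auth are
assumptions for illustration.
"""
import json
import re
import sys
import urllib.parse
import urllib.request

BASE_URL = "https://malpkg.example/api/v1"  # assumed; not the real host

# Constructed catalog records in the shape of the page's sample record
# (illustrative names and values, not real packages).
SAMPLE_CATALOG = [
    {"id": "mal-example-pkg", "ecosystem": "npm",
     "name": "example-malicious-package", "version": "1.0.3",
     "risk_score": 95, "classification": "trojan", "status": "confirmed"},
    {"id": "mal-example-pypi", "ecosystem": "pypi",
     "name": "Example_Typo.Squat", "version": "0.2.0",
     "risk_score": 60, "classification": "suspicious", "status": "under_review"},
]

# Constructed dependency list as a pipeline step would extract it from
# package-lock.json / requirements.txt: (ecosystem, name, version).
SAMPLE_DEPS = [
    ("npm", "example-malicious-package", "1.0.3"),  # exact confirmed hit
    ("npm", "example-malicious-package", "1.0.2"),  # cataloged name, other version
    ("pypi", "example-typo-squat", "0.2.0"),        # hit only after normalization
    ("npm", "left-pad", "1.3.0"),                   # clean
]


def fetch_catalog(ecosystem, base_url=BASE_URL):
    """Pull records from the /packages list endpoint. The 'ecosystem' query
    parameter and the absence of pagination/auth are assumptions."""
    url = f"{base_url}/packages?{urllib.parse.urlencode({'ecosystem': ecosystem})}"
    with urllib.request.urlopen(url, timeout=30) as resp:
        return json.load(resp)


def normalize(ecosystem, name):
    """Canonicalize names so manifest and catalog spellings compare equal.
    PyPI follows PEP 503 (case-insensitive, runs of [-_.] collapse to '-');
    npm names are compared case-insensitively with the @scope kept."""
    if ecosystem == "pypi":
        return re.sub(r"[-_.]+", "-", name).lower()
    return name.lower()


def build_index(catalog):
    """Index records by (ecosystem, normalized name) for O(1) lookups."""
    index = {}
    for rec in catalog:
        key = (rec["ecosystem"], normalize(rec["ecosystem"], rec["name"]))
        index.setdefault(key, []).append(rec)
    return index


def check_dependencies(deps, catalog, min_score=80):
    """Return one finding per (dependency, catalog record) pair.

    action == "block": exact ecosystem/name/version match and the record is
        confirmed or scores >= min_score.
    action == "warn":  the name is cataloged but the version differs, or the
        record is not yet confirmed; a human should look before merging.
    """
    index = build_index(catalog)
    findings = []
    for eco, name, version in deps:
        for rec in index.get((eco, normalize(eco, name)), []):
            exact = rec["version"] == version
            severe = rec["status"] == "confirmed" or rec["risk_score"] >= min_score
            findings.append({
                "ecosystem": eco, "name": name, "version": version,
                "record_id": rec["id"], "cataloged_version": rec["version"],
                "status": rec["status"], "risk_score": rec["risk_score"],
                "action": "block" if exact and severe else "warn",
            })
    return findings


if __name__ == "__main__":
    # Offline demo on the constructed data; swap in fetch_catalog("npm") etc.
    results = check_dependencies(SAMPLE_DEPS, SAMPLE_CATALOG)
    for f in results:
        print(f"{f['action'].upper():5} {f['ecosystem']}:{f['name']}@{f['version']}"
              f" -> {f['record_id']} ({f['status']}, score {f['risk_score']})")
    # Non-zero exit makes a CI step fail on a confirmed exact match.
    sys.exit(1 if any(f["action"] == "block" for f in results) else 0)
```

Run it as a CI step after the lockfile is resolved; the non-zero exit on a "block" finding is what actually stops the build, while "warn" findings are best surfaced as annotations so a reviewer sees that a dependency's name already appears in the catalog.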
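The "proactive searches for indicators of compromise in your environment" use case and the /api/v1/indicators endpoint both come down to sweeping local telemetry for the `network_iocs` values a record carries. Below is an added example of that sweep over DNS query logs; it is not MalPkg's own tooling. The log lines are constructed, the dnsmasq-style format is an assumption, and the reading of the wildcard form `*.domain` as "the apex and any subdomain, on label boundaries" is an assumption about MalPkg's indicator semantics. The label-boundary rule matters: a naive suffix match would also flag `notmalicious-domain.example`.

```python
"""Sweep DNS query logs for the network IOCs a MalPkg-style record carries.

Added example, not MalPkg's own tooling. Indicator shape follows the
sample record on this page; the log format is a constructed assumption.
"""
import re

# Constructed indicator list in the shape of "indicators.network_iocs".
# "*.x" is read as x itself plus any subdomain of x (assumed semantics).
NETWORK_IOCS = ["*.malicious-domain.example", "update.cdn-mirror.example"]

# Constructed dnsmasq-style query log; not real traffic.
SAMPLE_LOG = """\
Jan 15 08:31:02 build-01 dnsmasq[812]: query[A] registry.npmjs.org from 10.0.0.5
Jan 15 08:31:05 build-01 dnsmasq[812]: query[A] c2.malicious-domain.example from 10.0.0.5
Jan 15 08:31:06 build-01 dnsmasq[812]: query[TXT] malicious-domain.example from 10.0.0.5
Jan 15 08:31:09 build-01 dnsmasq[812]: query[A] notmalicious-domain.example from 10.0.0.7
Jan 15 08:31:12 build-01 dnsmasq[812]: query[A] UPDATE.CDN-MIRROR.EXAMPLE from 10.0.0.9
"""

QUERY_RE = re.compile(r"query\[(?P<type>\w+)\] (?P<qname>\S+) from (?P<src>\S+)")


def compile_iocs(iocs):
    """Turn each IOC into (ioc, predicate). Wildcards match on label
    boundaries only; plain names match exactly. Comparison is
    case-insensitive and ignores a trailing dot."""
    preds = []
    for ioc in iocs:
        canon = ioc.lower().rstrip(".")
        if canon.startswith("*."):
            apex = canon[2:]
            preds.append((ioc, lambda q, a=apex: q == a or q.endswith("." + a)))
        else:
            preds.append((ioc, lambda q, e=canon: q == e))
    return preds


def sweep(log_text, iocs):
    """Return one hit per (log line, matching IOC), preserving log order."""
    preds = compile_iocs(iocs)
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line; skip silently
        qname = m.group("qname").lower().rstrip(".")
        for ioc, pred in preds:
            if pred(qname):
                hits.append({"src": m.group("src"), "qtype": m.group("type"),
                             "qname": m.group("qname"), "ioc": ioc})
    return hits


if __name__ == "__main__":
    for h in sweep(SAMPLE_LOG, NETWORK_IOCS):
        print(f"{h['src']} looked up {h['qname']} ({h['qtype']}) matching {h['ioc']}")
```

The source address on each hit is the pivot for the "rapid triage" use case: a build host resolving a cataloged domain right after a dependency install is the signal worth an alert, whereas the same lookup from a sandbox that detonates packages deliberately is expected noise.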
Built on open collaboration and verified research
Anyone can submit suspected malicious packages for review. Community contributions help expand coverage and improve detection.
All submissions undergo verification before publication. We maintain strict quality standards to minimize false positives.
Our detection criteria and classification methodology are publicly documented. Transparency builds trust.
We credit security researchers who contribute to our database. Recognition for the community that makes this possible.
Join our community of security researchers and help protect the software ecosystem.